Cloudera

This is the documentation for Cloudera 5.3.x. Documentation for other versions is available at Cloudera Documentation.

Permission Requirements

The following sections describe the permission requirements for package-based
installation and upgrades of CDH with and without Cloudera Manager. The
permission requirements are not controlled by Cloudera but result from
standard UNIX system requirements for the installation and management of
packages and running services.

One of the following, configured during initial installation of Cloudera
Manager:

Direct access to root user via the root password.

Direct access to root user using a SSH key file.

Passwordless sudo access for a specific user. This is the same requirement as
the installation of CDH components on individual hosts,
which is a requirement of the UNIX system in general.

You cannot use another system (such as PowerBroker) that provides
root/sudo privileges.

Install the Cloudera Manager Agent through Cloudera Manager.

One of the following, configured during initial installation of Cloudera
Manager:

Direct access to root user via the root password.

Direct access to root user using a SSH key file.

Passwordless sudo access for a specific user. This is the same requirement as
the installation of CDH components on individual hosts,
which is a requirement of the UNIX system in general.

You cannot use another system (such as PowerBroker) that provides
root/sudo privileges.

Run the Cloudera Manager Agent.

If
single
user mode is not enabled, access to the root account
during runtime, through one of the following scenarios:

During Cloudera Manager and CDH installation, the Agent is automatically started
if installation is successful. It is then started via one of
the following, as configured during the initial installation
of Cloudera Manager:

Direct access to root user via the root password

Direct access to root user using a SSH key file

Passwordless sudo access for a specific user

Using another system (such as PowerBroker) that provides root/sudo privileges is
not acceptable.

This permission requirement ensures that services managed by the Cloudera
Manager Agent assume the appropriate user (that is, the HDFS
service assumes the hdfs user) for correct
privileges. Any action request for a CDH service managed
within Cloudera Manager does not require root and/or
sudo access, because the action is handled by the Cloudera
Manager Agent, which is already running under the root user.

root and/or sudo access for the installation of any RPM-based package during the
time of installation and service startup/shut down. Passwordless
SSH under the root user is not required for the installation
(SSH root keys).

Upgrade a previously installed CDH package.

root and/or sudo access. Passwordless SSH under the root user is not required
for the upgrade process (SSH root keys).

Manually install or upgrade hosts in a CDH ready cluster.

Passwordless SSH as root (SSH root keys), so that scripts can be used to help
manage the CDH package and configuration across the cluster.